10.0
10.1
11.0
11.1
11.2
11.3
12.0
12.1
12.2
6.0
6.1
6.2
6.2.0
6.2.0-rc1
6.2.0-rc2
6.3
6.3-rc1
6.3-rc2
6.3-rc3
7.10
7.4
7.5
7.6
7.6-blfs
7.6-systemd
7.7
7.8
7.9
8.0
8.1
8.2
8.3
8.4
9.0
9.1
basic
bdubbs/svn
elogind
gimp3
gnome
kde5-13430
kde5-14269
kde5-14686
kea
ken/TL2024
ken/inkscape-core-mods
ken/tuningfonts
krejzi/svn
lazarus
lxqt
nosym
perl-modules
plabs/newcss
plabs/python-mods
python3.11
qt5new
rahul/power-profiles-daemon
renodr/vulkan-addition
systemd-11177
systemd-13485
trunk
upgradedb
v5_0
v5_1
v5_1-pre1
xry111/for-12.3
xry111/intltool
xry111/llvm18
xry111/soup3
xry111/spidermonkey128
xry111/test-20220226
xry111/xf86-video-removal
Last change
on this file since bf8d7ea was 5e18c49c, checked in by Larry Lawrence <larry@…>, 21 years ago |
compound word edits, a2ps expanded intro
git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@1303 af4574ff-66df-0310-9fd7-8a98e5e911e0
|
-
Property mode
set to
100644
|
File size:
1.6 KB
|
Rev | Line | |
---|
[f45b1953] | 1 | <sect2>
|
---|
| 2 | <title>Command explanations</title>
|
---|
| 3 |
|
---|
[6998c44a] | 4 | <para><screen><command>sed 's/-o bin/-o root/'...</command></screen>
|
---|
| 5 | Adjusts the <filename>Makefile</filename> so that the program is installed
|
---|
| 6 | with user root instead of user bin (which doesn't exist on a default
|
---|
| 7 | <acronym>LFS</acronym> system).</para>
|
---|
[f45b1953] | 8 |
|
---|
[0482b012] | 9 | <para><command>make install</command>: Installs <command>traceroute</command>
|
---|
[5e18c49c] | 10 | with <acronym>UID</acronym> set to root in the <filename>/usr/sbin</filename> directory. This makes it
|
---|
[6998c44a] | 11 | possible for all users to execute <command>traceroute</command>. For absolute
|
---|
[5e18c49c] | 12 | security, turn off the <acronym>SUID</acronym> bit in <command>traceroute</command>'s file
|
---|
[6998c44a] | 13 | permissions with the command:
|
---|
| 14 | <screen><command>chmod 0755 /usr/sbin/traceroute</command></screen></para>
|
---|
[f45b1953] | 15 |
|
---|
| 16 | <para>The risk is that if a security problem such as a buffer overflow were
|
---|
[6998c44a] | 17 | ever found in the <application>Traceroute</application> code, a regular user
|
---|
[5e18c49c] | 18 | on your system could gain root access if the program is
|
---|
| 19 | <acronym>SUID</acronym> root. Removing
|
---|
| 20 | the <acronym>SUID</acronym> permission of course also makes it impossible for users other than
|
---|
[6998c44a] | 21 | root to utilize <command>traceroute</command>, so decide what's right for your
|
---|
| 22 | individual situation.</para>
|
---|
[f45b1953] | 23 |
|
---|
[6998c44a] | 24 | <para>Now, to be completely <acronym>FHS</acronym> compliant, as is our aim, if
|
---|
[5e18c49c] | 25 | you do leave the <command>traceroute</command> binary
|
---|
| 26 | <acronym>SUID</acronym> root, then you
|
---|
[6998c44a] | 27 | should move <filename>traceroute</filename> to <filename>/usr/bin</filename>
|
---|
[f45b1953] | 28 | with the following command:
|
---|
[6998c44a] | 29 | <screen><command>mv /usr/sbin/traceroute /usr/bin</command></screen></para>
|
---|
[f45b1953] | 30 |
|
---|
| 31 | <para>This ensures that the binary is in the path for non-root users.</para>
|
---|
| 32 |
|
---|
| 33 | </sect2>
|
---|
| 34 |
|
---|
Note:
See
TracBrowser
for help on using the repository browser.